Lucene search

45 matches found

OSV · added 2026/06/19 10:10 p.m. · 16 views

GHSA-4XGF-CPJX-PC3J pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size

Summary: NestedSecretsSettingsSource reads secret values from files in a configured secrets_dir. When secrets_nested_subdir=True, a directory entry inside secrets_dir that is a symbolic link pointing outside secrets_dir is followed, so files outside the configured directory are read into settings value...

CVSS 5.3 · AI score 5.9
Exploits 0 · References 2
AstraLinux · added 2026/06/19 11:10 a.m. · 4 views

Astra Linux – Vulnerability in php-pear

In Archive_Tar before version 1.4.14, symlinks can reference targets outside of the extracted archive. This is a separate vulnerability from CVE-2020-36193...

CVSS 7.1 · AI score 7.1 · EPSS 0.73377
Exploits 0 · References 2
OSV · added 2026/05/26 2:16 a.m. · 13 views

UBUNTU-CVE-2026-42496

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker-controlled targets outside the extraction directory. _make_special_file passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

CVSS 9.1 · AI score 5.8 · EPSS 0.0043
Exploits 0 · References 7
Positive Technologies · added 2026/05/26 12:00 a.m. · 16 views

PT-2026-43162

Name of the Vulnerable Software and Affected Versions: Archive::Tar versions prior to 3.08. Description: Archive::Tar for Perl allows the extraction of symlinks with attacker-controlled targets located outside the extraction directory. The function _make_special_file passes the tar header's linkname ...

CVSS 9.1 · AI score 5.8 · EPSS 0.0043
Exploits 0 · References 36
Snyk · added 2026/05/18 7:08 p.m. · 13 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the ExtractRelativeToDirectoryAsync path handling in src/libraries/System.Formats.Tar/src/System/Formats/Tar/TarEntry.cs. An attacker can create a tar archive that extracts a symbolic link whose target is a roote...

CVSS 6.3 · AI score 6.3 · EPSS 0.00711
Exploits 0 · References 2
RedHat Linux · added 2026/05/11 6:39 p.m. · 12 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

CVSS 6.4 · AI score 7.2 · EPSS 0.00292
Exploits 0 · References 8
Vulnrichment · added 2026/04/21 12:56 a.m. · 4 views

CVE-2026-39861 Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace

Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the...

CVSS 7.7 · AI score 6.4 · EPSS 0.00518
Exploits 0 · References 1
CVE · added 2026/04/21 12:56 a.m. · 29 views

CVE-2026-39861

CVE-2026-39861 affects Claude Code prior to version 2.1.64. The sandbox could be escaped by following symlinks outside the workspace when a path under a symlink was written to, allowing an unsandboxed process to reach arbitrary locations. This could enable code execution outside the sandbox under...

CVSS 10 · AI score 6.4 · EPSS 0.00518
Exploits 0 · References 1 · Affected Software 1
OSV · added 2026/04/13 5:43 a.m. · 7 views

BIT-GOLANG-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to...

CVSS 6.4 · AI score 5.8 · EPSS 0.00292
Exploits 0 · References 5
Positive Technologies · added 2026/04/13 12:00 a.m. · 6 views

PT-2026-32421

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to...

CVSS 6.4 · AI score 5.8 · EPSS 0.00292
Exploits 0 · References 6
Tenable Nessus · added 2026/04/09 12:00 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-32282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even...

CVSS 6.4 · AI score 7.2 · EPSS 0.00292
Exploits 0 · References 4
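The pydantic-settings entry near the top of this list and the four Root.Chmod entries above share one failure: the code checks or opens a path, and a symlink at that path (present from the start, or swapped in between check and act) redirects the operation outside the directory it was meant to stay in. Root.Chmod relies on AT_SYMLINK_NOFOLLOW, which Linux fchmodat ignores, so a check-then-chmod on the path is racy. The mitigation a practitioner wants is to stop acting on paths at all: open the entry with O_NOFOLLOW, which makes open(2) fail with ELOOP when the final component is a symlink, and then read or fchmod the descriptor actually held. The Go program below is an added illustration of that pattern; it is not code from pydantic-settings, from the Go os package, or from any advisory listed here. The helper names openNoFollow, readSecret and chmodNoFollow, the directory layout and the file contents are all constructed for this example, and it assumes Linux (syscall.O_NOFOLLOW and ELOOP).

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"syscall"
)

// ErrSymlink is returned when the requested entry is a symbolic link.
var ErrSymlink = errors.New("refusing to follow symlink")

// openNoFollow opens dir/name without following a symlink at the final
// component. Parent components are still resolved by the kernel, so the
// caller must control dir itself (own it, keep it 0700).
func openNoFollow(dir, name string) (*os.File, error) {
	// Reject traversal in the entry name: it must be a single component.
	if filepath.Base(name) != name || name == "." || name == ".." {
		return nil, fmt.Errorf("invalid entry name %q", name)
	}
	p := filepath.Join(dir, name)
	// O_NOFOLLOW: open(2) fails with ELOOP if p itself is a symlink,
	// whether the link was there all along or appeared a moment ago.
	f, err := os.OpenFile(p, os.O_RDONLY|syscall.O_NOFOLLOW, 0)
	if err != nil {
		if errors.Is(err, syscall.ELOOP) {
			return nil, ErrSymlink
		}
		return nil, err
	}
	// fstat the descriptor we hold, not the path, and only accept regular
	// files (no devices, FIFOs or directories).
	fi, err := f.Stat()
	if err != nil || !fi.Mode().IsRegular() {
		f.Close()
		if err == nil {
			err = fmt.Errorf("%s: not a regular file", p)
		}
		return nil, err
	}
	return f, nil
}

// readSecret returns at most maxSize bytes of dir/name. The limit is
// enforced on the open descriptor, so a link to a large file elsewhere
// cannot be used to bypass it.
func readSecret(dir, name string, maxSize int64) ([]byte, error) {
	f, err := openNoFollow(dir, name)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	if fi, err := f.Stat(); err == nil && fi.Size() > maxSize {
		return nil, fmt.Errorf("%s: %d bytes exceeds limit %d", name, fi.Size(), maxSize)
	}
	return io.ReadAll(io.LimitReader(f, maxSize))
}

// chmodNoFollow changes the mode through the descriptor (fchmod) rather
// than the path, so there is no window in which a symlink swapped in after
// a check can redirect the chmod outside dir.
func chmodNoFollow(dir, name string, mode os.FileMode) error {
	f, err := openNoFollow(dir, name)
	if err != nil {
		return err
	}
	defer f.Close()
	return f.Chmod(mode)
}

// demo builds a constructed secrets directory containing one real secret
// and one symlink that points at a file outside it, then exercises both.
func demo() (secret string, linkErr error, chmodErr error, cleanup func()) {
	outside, _ := os.MkdirTemp("", "outside")
	dir, _ := os.MkdirTemp("", "secrets")
	os.WriteFile(filepath.Join(outside, "shadow"), []byte("not-for-you"), 0600)
	os.WriteFile(filepath.Join(dir, "db_password"), []byte("hunter2\n"), 0600)
	os.Symlink(filepath.Join(outside, "shadow"), filepath.Join(dir, "evil"))

	b, _ := readSecret(dir, "db_password", 4096)
	_, linkErr = readSecret(dir, "evil", 4096)
	chmodErr = chmodNoFollow(dir, "evil", 0644)
	return string(b), linkErr, chmodErr, func() { os.RemoveAll(dir); os.RemoveAll(outside) }
}

func main() {
	secret, linkErr, chmodErr, cleanup := demo()
	defer cleanup()
	fmt.Printf("db_password=%q\n", secret)
	fmt.Println("read via symlink:", linkErr)
	fmt.Println("chmod via symlink:", chmodErr)
}
```

O_NOFOLLOW only protects the last path component; if an attacker can replace a parent directory with a link, the walk still escapes, which is why the helper insists on single-component names and a caller-owned directory. On Go 1.24 and later, os.OpenRoot gives the same guarantee for every component, subject to the Root.Chmod caveat these advisories describe.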
NVD · added 2026/03/10 7:44 a.m. · 6 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

CVSS 8.2 · EPSS 0.00253
Exploits 4 · References 2
ATTACKERKB · added 2026/03/09 9:11 p.m. · 4 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

CVSS 8.2 · AI score 5.8 · EPSS 0.00253
Exploits 4 · References 3 · Affected Software 1
AlpineLinux · added 2026/03/09 9:11 p.m. · 3 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

CVSS 8.2 · AI score 5.8 · EPSS 0.00253
Exploits 4 · References 2
Debian CVE · added 2026/03/09 9:11 p.m. · 5 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

CVSS 8.2 · AI score 7.5 · EPSS 0.00253
Exploits 4
RedhatCVE · added 2026/03/07 7:31 p.m. · 5 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

CVSS 8.2 · AI score 5.8 · EPSS 0.0022
Exploits 1 · References 1
OSV · added 2026/03/06 10:10 p.m. · 3 views

GHSA-HCM4-6HPJ-VGHM Zarf's symlink targets in archives are not validated against destination directory

Summary: A path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. What users should do: Upgrade immediately to version...

CVSS 8.2 · AI score 6.2 · EPSS 0.0022
Exploits 1 · References 4
NVD · added 2026/03/06 5:16 p.m. · 5 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

CVSS 8.2 · EPSS 0.0022
Exploits 1 · References 2
Snyk · added 2026/01/29 10:05 p.m. · 3 views

Function Call With Incorrect Order of Arguments

Overview: Affected versions of this package are vulnerable to Function Call With Incorrect Order of Arguments via the handleSymlink function. An attacker can create symlinks outside the intended extraction directory by providing a specially crafted tar or deb archive that exploits argument confusi...

CVSS 6.7 · AI score 5.9 · EPSS 0.00167
Exploits 0 · References 2
Vulnrichment · added 2026/01/29 9:12 p.m. · 5 views

CVE-2026-24846 malcontent's archive extraction could write outside extraction directory

malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...

CVSS 5.5 · AI score 5.9 · EPSS 0.00167
Exploits 0 · References 3
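The archive entries in this list (Archive_Tar, Archive::Tar, System.Formats.Tar, node-tar, Zarf, malcontent) all come down to the same omission: the tar header's linkname is handed to symlink() without being resolved against the extraction directory, so an absolute target, a `..` target, or (node-tar's case) a drive-relative target such as `C:../../../target.txt` lands outside it. The Go program below is an added example of the check those extractors lacked; it is not code from any of the projects above. It validates entries in archive order, rejects absolute and drive-letter targets, resolves relative targets against the link's own directory, and remembers accepted symlinks so that a later entry routed through one (a link to `..`, then a file beneath it) is refused as well. The Entry and Extractor types, the method names and the sample archive listing are constructed for this illustration; archive/tar's Header carries the same data in its Name and Linkname fields.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrEscape is returned for any entry whose path, or whose symlink target,
// would land outside the extraction directory.
var ErrEscape = errors.New("entry escapes extraction directory")

// Entry is the subset of a tar header used here (constructed for this example).
type Entry struct {
	Name     string
	Linkname string // empty for anything that is not a symlink
}

// Extractor remembers accepted symlinks, keyed by cleaned in-archive path,
// so later entries routed through them are checked against where the link
// really points rather than against their lexical path.
type Extractor struct {
	links map[string]string
}

// hasDrivePrefix catches "C:\x" and the drive-relative "C:../x" form that a
// leading-slash or ".." check alone misses.
func hasDrivePrefix(s string) bool {
	return len(s) >= 2 && s[1] == ':' && (s[0]|0x20) >= 'a' && (s[0]|0x20) <= 'z'
}

// resolve walks p one component at a time from the virtual root ".",
// substituting any prefix that is an accepted symlink, and fails as soon as
// the walk steps above the root. ".." is applied per component rather than
// collapsed lexically, because "link/.." must follow the link first.
func (e *Extractor) resolve(p string) (string, error) {
	rest := strings.Split(p, "/")
	cur, hops := ".", 0
	for len(rest) > 0 {
		c := rest[0]
		rest = rest[1:]
		if c == "" || c == "." {
			continue
		}
		cur = path.Join(cur, c) // path.Join("a/b", "..") == "a"
		if cur == ".." || strings.HasPrefix(cur, "../") {
			return "", ErrEscape
		}
		if target, ok := e.links[cur]; ok {
			if hops++; hops > 40 {
				return "", errors.New("too many symlink hops")
			}
			cur = path.Dir(cur) // a target is relative to the link's directory
			rest = append(strings.Split(target, "/"), rest...)
		}
	}
	return cur, nil
}

// Add validates one entry and, if it is a symlink, records it.
func (e *Extractor) Add(en Entry) error {
	name := strings.ReplaceAll(en.Name, `\`, "/")
	if name == "" || strings.HasPrefix(name, "/") || hasDrivePrefix(name) {
		return fmt.Errorf("%w: name %q", ErrEscape, en.Name)
	}
	clean, err := e.resolve(name) // where the entry will really be created
	if err != nil {
		return fmt.Errorf("%w: name %q", err, en.Name)
	}
	if en.Linkname == "" {
		return nil
	}
	target := strings.ReplaceAll(en.Linkname, `\`, "/")
	if strings.HasPrefix(target, "/") || hasDrivePrefix(target) {
		return fmt.Errorf("%w: %q -> %q", ErrEscape, en.Name, en.Linkname)
	}
	// The target must resolve, through earlier links, to somewhere under the root.
	if _, err := e.resolve(path.Dir(clean) + "/" + target); err != nil {
		return fmt.Errorf("%w: %q -> %q", err, en.Name, en.Linkname)
	}
	e.links[clean] = target
	return nil
}

// demo feeds a constructed archive listing through the checker and returns
// one error (or nil) per entry, in order.
func demo() []error {
	entries := []Entry{
		{Name: "app/config.yaml"},                             // plain file
		{Name: "app/current", Linkname: "releases/v1"},         // relative, inside
		{Name: "app/current/x.txt"},                            // through the link, still inside
		{Name: "app/etc", Linkname: "../../../../etc"},         // classic ".." escape
		{Name: "app/abs", Linkname: "/etc/passwd"},             // absolute target
		{Name: "app/drive", Linkname: `C:..\..\..\target.txt`}, // drive-relative (node-tar case)
		{Name: "app/up", Linkname: ".."},                       // points at the root itself: allowed
		{Name: "app/up/../outside.txt"},                        // routing above the root through it: refused
	}
	ex := &Extractor{links: map[string]string{}}
	errs := make([]error, len(entries))
	for i, en := range entries {
		errs[i] = ex.Add(en)
	}
	return errs
}

func main() {
	for i, err := range demo() {
		fmt.Printf("entry %d: %v\n", i, err)
	}
}
```

Call Add for every header before anything is created on disk, and abort the whole extraction on the first error rather than skipping the entry, since a skipped link changes what later names mean. Hard links and symlinks that already exist in the destination before extraction starts are outside what this checker models.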